Users will get several warnings before things start to break.

Share this story

The "six strikes" anti-piracy program is on its way, for real. Jill Lesser, head of the Center for Copyright Information—the enforcement agency in charge of the system—confirmed that the system is coming this year in a September interview with Ars. Speaking at a New York Internet conference, representatives of two of the biggest ISPs, Verizon and Time Warner, have finally described how their systems will work.

Despite the "six strikes" moniker, both Verizon and Time Warner talked about systems that work in three essential phases. First comes the "notice" phase, which simply involves letting users know they've been tracked on copyright-infringing sites. Verizon customers, for example, will send notifications to primary account holders via both e-mail and telephone. "We send a notice to the customer, saying there's been an allegation [of] illegal activity with copyrighted files," said Verizon VP Link Hoewing.

Next is the "acknowledgement" phase. This is when the customer will have to actually acknowledge having received those notices. Hoewing said his company's customers will experience this as a pop-up window. The idea here is to make extra sure they're getting to the right people. In a house or apartment with a shared Internet connection, he noted, five people may be using the same account, with just one person—likely not the account holder—engaged in copyright infringement.

Finally, there's the "mitigation" phase. This is when users who have traded copyrighted files are actually punished, and Time Warner and Verizon take different tacks here. Verizon users will have their speeds throttled for between two and three days, said Hoewing. And even then, they'll have the right to appeal the case, which will be handled by an independent arbitration firm, he said. (The user will have to pay a $35 filing fee for the appeal.) Before the speed reduction begins, subscribers will be given a 14-day advance notice.

Time Warner users will see popular websites blocked. "We're constructing a soft landing area, where the customer is restricted in the type of browsing that they can do," said Time Warner VP Fernando Laguarda. "If they appeal, all those measures are suspended pending the appeal."

The target of "six strikes" is the casual copyright infringer, not dedicated pirates. At one point, moderator Declan McCullagh of CNET asked how the content owners and ISPs would deal with customers who might use a system like TOR to hide their identity. "Will this just push determined pirates into a darker area of the Internet?" he asked. "Will you just catch the loser ones, who aren't that smart?"

CCI head Jill Lesser responded that the goal isn't to stop "serial pirates" trying to avoid IP laws. Rather, it's to educate "the vast majority of the people for whom trading in copyrighted material has become a social norm, over many years."

Both the content company participants and the ISPs emphasized that "education" is the goal, rather than lawsuits. "This is not about suing users at all," said Ron Wheeler, a senior VP at Fox Broadcasting who was on the panel. "This system is not designed to produce lawsuits—it's designed to produce education."

Other ISPs may be participating soon. A Cox spokesperson told TorrentFreak, which first reported on the conference, that it was invited to participate but decided not to, for now.

176 Reader Comments

What a joke this is. If they notify you through DNS routing, and most of us self respecting internet users DONT use the ISP's DNS servers, we won't ever see them. So, what are they going to do if they keep sending DNS notifications and I don't see them? What if they give me 6 strikes through their putrid DNS thingie and I don't "acknowledge" them, will they then cut my internet off? And paying $35 fee? Fuck that, that's when I go straight to a paid VPN and never worry about their pathetic 6 strikes bullshit. I don't do much torrenting (daily show and colbert seem to be the only things I torrent anymore besides ISOs), and I would rather spend $10 a month on a good VPN than go back to inferior cable and pay them an extra $60 a month for 600 channels of utter low IQ shit that I will never watch. The ISP's can go fuck themselves. We have no competition in this "free market", it's a joke. Anyone else says differently is an idiot with nothing to show otherwise. Cable companies have a monopoly, period. DSL is not competition.

Side note, what are the good VPN's you guys use? I don't mind paying for them, would rather they get my money than any of these inferior cocksuckers that support this. Send me the info through PM if you don't want to advert the good ones.

Sweet. So if I wanted to screw a neighbor, now all one needs to do is hack their WPA password and visit piratebay a few times! Watch Anonymous take this tack with high-level employees of these companies and grab a bowl of popcorn!

Is there a complete bottleneck on info coming from the PR people pushing this initiative, or is Ars just leaving out the important details in their write ups? Is this just an anti-torrent/file hosting initiative, or is this even reaching into IRC and the old school types of piracy?

When you signed up for that internet connection, you agreed to the terms of service via the service contract. Almost all ISPs have a list of prohibited behavior such as committing illegal crimes with their service. Almost all contracts have a provision that the account holder is responsible for ALL traffic on their connection.

That means you, as the subscriber, are liable under your contract for behavior that others do on your network. If you have an open wifi, and creepy van guy is parked in front of your house and uses it to download kiddy porn, guess what! While it may not stand up in a court of law that you are directly responsible for the illegal action sof others on your network, you can certainly be held responsible by the ISP and be cut off.

Don't like it, then you should find an ISP without such terms in their contract. Good luck with that.

I think those contracts have actually stood up in court one time, and that was in east texas. Bottom line is they all have that in their contract, but just because it is in a contract does not mean that they are off the hook / you are immediately in the blame. They put stuff like that in contracts because their legal company says it makes them not liable, but the fine print only matters if a court finds it justified - which they have not been doing.

My concern is the same as that of glap1922, about this line: "First comes the "notice" phase, which simply involves letting users know they've been tracked on copyright-infringing sites."

This is far more radical than anything we've heard about before. In previous articles on various sites it was said that the ISPs will receive reports from supposedly "independent" organizations that supposedly monitor *actual infringement* . But now we're subject to this "prove yourself innocent" routine for merely visiting sites where there is something offered in violation of copyright?

That's only the first issue. Suppose I look at example.com and the page says, listen to this song, with a link to songname.mp3. (b) The ISP knows I Iooked at this site? How does this not violate wiretapping statutes? (c) How could anyone have any practical way of finding out whether this offer of a file is made with or without the copyright holder's permission?

I find the entire setup puzzling and aimed at attempting to extort more money from already-paying customers. Especially since it will affect mostly non-tech savvy people, e.g. our parents.

Quote:

First comes the "notice" phase, which simply involves letting users know they've been tracked on copyright-infringing sites. Verizon customers, for example, will send notifications to primary account holders via both e-mail and telephone. "We send a notice to the customer, saying there's been an allegation [of] illegal activity with copyrighted files," said Verizon VP Link Hoewing.

By sending notice to the customer, they are not, in fact, "letting users know". I the account is in my SO's name, and I'm DLing (allegedly) infringing material, I will not get the notice. Although I am the user causing the problem. Multiply that across households with children or other multi-person arrangements.

Quote:

This is when the customer will have to actually acknowledge having received those notices. Hoewing said his company's customers will experience this as a pop-up window. The idea here is to make extra sure they're getting to the right people. In a house or apartment with a shared Internet connection, he noted, five people may be using the same account, with just one person—likely not the account holder—engaged in copyright infringement.

So, the customer (presumably, the account holder) receives the notices. Is there any information identifying when it occurred, the property that was allegedly illegally DLed, or the device allegedly used? Apparently, they'll be doing some packet sniffing for the program any way, so they may as well bust the privacy bullshit wide open and at least let the customer have a shot at finding what the problem is.

Quote:

Finally, there's the "mitigation" phase. This is when users who have traded copyrighted files are actually punished, and Time Warner and Verizon take different tacks here. Verizon users will have their speeds throttled for between two and three days, said Hoewing. And even then, they'll have the right to appeal the case, which will be handled by an independent arbitration firm, he said. (The user will have to pay a $35 filing fee for the appeal.) Before the speed reduction begins, subscribers will be given a 14-day advance notice.

And there's the possible alternative income stream! You throttle someone's connection (even erroneously) and they have to cough up a $35 fee. But there's nothing about informing the customer how to avoid the problem. How significant is the throttle? Do you throttle me more for DLing The Little Mermaid and throttle me less for DLing Battlefield Earth? Does the appeal take more than 3-4 days? What's involved in the appeal? Will Verizon immediately remove the throttle while the appeal is pending?

Quote:

Time Warner users will see popular websites blocked. "We're constructing a soft landing area, where the customer is restricted in the type of browsing that they can do," said Time Warner VP Fernando Laguarda. "If they appeal, all those measures are suspended pending the appeal."

So, Time Warner will immediately suspend the block and give me back Facebook or Google or whatever websites they deem "popular". What metric is used to determine popular? Based on my browsing history?

Quote:

The target of "six strikes" is the casual copyright infringer, not dedicated pirates.

This made me laugh. Because the "casual" copyright infringer is the supposedly huge financial drain on music and movies? No, it's because the casual copyright infringer is an ISP customer who's probably paying their bills and has an extra $35 they can spend to get their service back. Because $35 is what? A hugely punitive amount that will make someone think, six months later, "Oh, I better not download Cars IV illegally because that'll cost me thirty-five whole dollars!"? No. It's a safe amount that will provide ISPs with extra income while, simultaneously, having negligible impact on the alleged financial drain of "piracy".

Quote:

Both the content company participants and the ISPs emphasized that "education" is the goal, rather than lawsuits. "This is not about suing users at all," said Ron Wheeler, a senior VP at Fox Broadcasting who was on the panel. "This system is not designed to produce lawsuits—it's designed to produce education."

Yet, there seems to be relatively no information on just how this education will effectively occur. With no way of actually identifying whom is DLing allegedly infringing content, hitting your paying customer with an additional fee to restore service, and no educational component, I cannot believe the chutzpah.

So this is frightening as can be. Instead of the corporations using the legal system that is in place to be neutral and protect all parties, the people that use those companies are going to be raked over coals to pay because "they've been tracked on copyright-infringing sites." When did we elect these companies into office.

But what I really wanted to say here was this, who can I write to or contact that can make this stop before this happens. I don't pirate, I don't want to be on the line because my network is not unbreakable. No company should be able to decide that they will implement their own legal system, just because the people told the government that what they had planned was a bad idea.

Time Warner and Verizon both install their routers with WEP encryption (at least as of 6 months ago). This encryption method is notoriously insecure. The average customer does not know that an educated computer user can crack their wireless WEP password and then use their internet to pirate copyrighted material. Given this possibility, it doesn't seem right that some people might be savvy enough to appeal on these grounds and "get off," while others who actually may have suffered this reality might have their internet connection affected.

It seems like this policy, while it might educate the "casual pirate," actually pushes the "dedicated pirate" to more devious ends. Fearing detection, it seems logical that the dedicated pirate would in fact hack their neighbor's passwords (conveniently made insecure by the ISPs themselves) and use those connections to pirate copyrighted material.

Further, it seems this policy would give a boost people who actually profit from piracy. If the casual pirate doesn't want to pay full price or wait for official release and they can no longer download that material for free, they might resort to buying infringing material from people who actually profit from copyright infringement.

They say their goal is "educating" the "casual" pirate, while admitting that "dedicated" pirates will pretty much see no change. To me this seems all too much like failed Drug War policies where minor possession charges make up the majority of arrests.

Another step towards the MAFIAA becoming the "Ministry of Truth". The USA is slowly becoming an Orwellian nightmare.

This makes me glad I do not live in the USA, however, my brother does, and I have already set him up with a VPN into my home network in the UK so that he doesn't get caught out by this.

We need to educate all Americans that this is an illegal money grab by the MAFIAA. Suing people directly wasn't working well for them so now they can charge anyone with an internet connection $35 whenever they feel like it. An IP is not a person. It is impossible to prove that any one person was using the machine with that IP at a given time, without even considering the implications of open wi-fi.How can it be legal to charge someone accused of a crime $35(non refundable) to prove their innocence? What ever happened to innocent until proven guilty? I hope the EFF get a hold of this and sue the arse off of all ISPs that signed upto it, AND the MPAA/RIAA etc that bribed them to take these measures.

Please everyone who is a customer of Cablevision, Verizon, Time Warner or Comcast goto the EFF site and send your ISP an email expressing your displeasure. The EFF have a form letter already written up and the various ISP contacts here:https://action.eff.org/o/9042/p/dia/act ... n_KEY=8547

I've started sending this article as well as the one on EFF's main site to every friend I have on facebook I advise everyone to follow. They want this to slide though under the rug and put in place without notice. Once its in place they conclude it will be impossible to change its momentum.

This is SOPA MKII backdoor ver. The major sites need to get off their rears and start posting this crap on their front pages and threaten brownouts.

All this will do is piss people off with the absurdity of it and also educate the "casual" pirates on how to avoid being caught.

Catching the random person who downloads a song here and there casually has zero effect on the bottom line of the "copyright" holder. A huge waste of time and resources.

Quote:

This is far more radical than anything we've heard about before. In previous articles on various sites it was said that the ISPs will receive reports from supposedly "independent" organizations that supposedly monitor *actual infringement* . But now we're subject to this "prove yourself innocent" routine for merely visiting sites where there is something offered in violation of copyright?

"Prove yourself innocent" is also a LOT harder than it initially sounds. It is fairly hard to prove a negative.

What the holy F did I just read!!?? "Hoewing said his company's customers will experience this as a pop-up window. The idea here is to make extra sure they're getting to the right people." Just how in the F is *that* going to work? That is packet snooping on a whole. notha. level. Granted it's been a while since I've had to remember lower level details of networking, but I didn't think this would even be possible for the scenario he described, especially on IP4. If I'm running behind a firewall/router with its own DHCP and NAT handling then when the traffic leaves that router the NAT info is stripped off/not included, leaving behind only the "public" routing data. Am I not remembering something here or how is it possible that a MITM can determine NAT data?

The other *really* creepy thing that was just stated, "between the lines", is that your ISP is going to snoop your packets on a low level, and then *intercept and modify* the traffic to cause a popup! (.. does a Lewis Black style motorboat followed by facial look of utter disbelief...).

Lastly, Unless that ISP requires some client-side software to always be on (not likely), this makes it sound as if they're only intercept the torrent file hunt via web browsers, not the actual data stream itself. Somehow I doubt they were able to get the makers of uTorrent, Azerus, Transmission, etc, to modify their applications to accept changed torrent data and turn it into a popup within the application.

What a joke this is. If they notify you through DNS routing, and most of us self respecting internet users DONT use the ISP's DNS servers, we won't ever see them. So, what are they going to do if they keep sending DNS notifications and I don't see them? What if they give me 6 strikes through their putrid DNS thingie and I don't "acknowledge" them, will they then cut my internet off? And paying $35 fee?

Most likely it will not be a simple DNS reroute. They'll lock your service at the CMTS. Same thing happens at wifi hot spots - no matter what you do they'll just route you to a trap page until you agree to a TOS or pay for it if necessary.

Otherwise, you could just hook up a cable modem and start surfing without a cable internet plan.

krispharper, I am not sure about Verizon, but Time Warner's method uses a cable modem/DNS based solution. It basically redirects all http traffic to an acknowledgement page. Once you click the button or link, it removes the DNS redirection.

I wonder if that means if you're one of those people (like me) who use google's DNS servers that you won't get redirected

Perhaps we need to table as many peripheral issues as possible, and just look at the technology for a moment. Like others, I perceive that enforcement would have to involve both DNS and DPI.

As has been noted, using alternate DNS providers is both trivial and popular - currently, that is. To prevent that, they'd have to do something that I'm not sure that any ISP has done yet: move some degree of packet inspection to the customer premise. (Edit: okay, they can do this at their end as well, I guess.) That's because DNS servers can run on nearly any port, so simple outbound request port detection checking can't be used. They'd have to sniff the packets for the protocol itself, and redirect all outbound DNS requests accordingly. Now, that might be possible with a firmware update to hardware that the user is leasing from the provider; not so much for a modem that the customer owns outright, so there's a snag there. Do you think they'd be willing to not only replace or upgrade every existing cable modem out there right now, but to FORCE user to use a carrier-provided modem? I'll make no wagers there.

DPI is harder to defeat/circumvent than DNS, at least for the mass market consumer. VPN? Sure, okay. How to they detect and defeat that? As long as you're using their pipes, they CAN do that at their end of the connection, with their own gear. Reliably? Not so sure. What do they do, stifle any and all 'unknown' or 'uncommon' protocols, and/or those which they cannot decrypt and evaluate? Again, no wagers.

When we consider the expense and complexity of full and effective implementation, do we come to the realization that maybe ISPs wouldn't really be so keen on doing it after all? Are their plans really much more than lip service to placate Big Content and government? Sure, they'll snare a lot of mass market consumers, initially. But then it stops, or slows to a trickle, until they're forced to escalate, dramatically, with major expense.

One argument against the above is that some, if not all, ISPs may want to do all of this anyway - particularly those who also happen to be content providers. Tricky stuff, that.

Warning to ISP's, this doesn't end well for you or anyone. This will only move the problem to darker corners, where the ISP cannot do anything about. The more they try to regulate and peek into your packets, the more I think we'll see ALL internet traffic become encrypted/anonymized...

krispharper, I am not sure about Verizon, but Time Warner's method uses a cable modem/DNS based solution. It basically redirects all http traffic to an acknowledgement page. Once you click the button or link, it removes the DNS redirection.

I wonder if that means if you're one of those people (like me) who use google's DNS servers that you won't get redirected

Glad I'm with Charter. Their position (for now) is that as an ISP all they do is provide a connection to the Web and it's content, they don't police it. If they do get a compaint, their tech department forwards it via email.

The downside with Charter is that they will sell you out in a heartbeat to pretty much anyone who asks for your account info whether you did anything wrong or not. While you don't see them beating down the door to jump in with this crowd, they haven't tried to turn away the boneheads that spam them with John Doe ip address requests either.

So while I like Charter, I am certain that while they don't chant the party line of Comcast, Verizon and their ilk, I wouldn't bet against them doing it quietly.

Glad I'm with Charter. Their position (for now) is that as an ISP all they do is provide a connection to the Web and it's content, they don't police it. If they do get a compaint, their tech department forwards it via email.

The downside with Charter is that they will sell you out in a heartbeat to pretty much anyone who asks for your account info whether you did anything wrong or not. While you don't see them beating down the door to jump in with this crowd, they haven't tried to turn away the boneheads that spam them with John Doe ip address requests either.

So while I like Charter, I am certain that while they don't chant the party line of Comcast, Verizon and their ilk, I wouldn't bet against them doing it quietly.

I used to be with an awesome ISP here in the UK called BE. They provided excellent DSL speeds at an excellent price with no usage caps. Really, completely unlimited usage. Their position was that you need to know the name of the person you are accusing (correct in the UK) and that the copyright holder did not have that information and told them to get a warrant if they wanted the ISP to hand over the name that matched the IP. Nothing further came of it because they had no proof any crime had been committed.

Such a shame I had to change ISP when I moved because the copper to my new house is RUBBISH.

I feel somewhat obligated to point out that this isn't a monitoring scheme and there's no actual packet inspection, they simply forward notices to you that are filed by a 3rd party, similar to a DMCA complaint. It's also worth pointing out that if your ISP presently receives one or more copyright violation complaints, many of them will simply terminate or suspend your service. I know Comcast for example will warn after 1 and 2 reports and ban you from the service after 3 complaints, and there is no official appeal process. Most people don't realize that the new system is actually a much better compromise than what you likely already have in the US.

IANAL but how is this not a bad faith breaking of the service contract between the ISP and the customer? The customer has paid for a parricular service and is being denied it. I see class action lawsuits and a rapid retreat once the lawyers get their hands on this.

And that's ignoring the questionable legality of the presumed deep packet inspection the ISPs would have to be performing.

Edit: OK, so maybe they aren't doing DPI. However doesn't that mean that the RIAA and MPAA are then interfering in the cotractual relationship between the ISP and the customer?

Can someone please explain how they plan on "detecting" infringing behavior? I don't really understand what that means. I had it in my head that originally they would only be passing on notices by 3rd party/copyright holders that detected you were infringing on things they owned.

Is all BitTorrent traffic considered infringing now? If not, how do they make the determination? Lots of games use BitTorrent for updates and is perfectly legal. And Linux ISO's of course...

This is why I'm so happy I have condointernet.net here in Seattle. 100mbps and unaffiliated with any of these douchebag cable/telecoms. I really hope companies like them continue to sprout up and expand so that others can have the benefit of a reliable, good service ISP.

They openly admit it won't catch the real pirates but still somehow thinks it's a good idea to implement? Is my sense of logic completely of of whack or why can't I see how increasing costs and pissing off customers without much return is a good idea?

The only thing this is good for is the lawyers. I just wish they would start the stupid thing so we can watch the lawyers file suit. Now would be a good time to switch your DNS provder.

If you ever notice a serivce degradation, call them up and ask what is going on. DO NOT UNDER ANY CIRCUMSTANCE CLICK THEIR ACCEPT button. Tell them that you demand your service restored to your full contracted service level. If they do not comply, file a lawsuit in small claims court.

krispharper, I am not sure about Verizon, but Time Warner's method uses a cable modem/DNS based solution. It basically redirects all http traffic to an acknowledgement page. Once you click the button or link, it removes the DNS redirection.

So what happens if I do not use their DNS? I instead use openDNS. Will that hijack my DNS and still re-route me?

Most captive portals aren't DNS based hijacks. They just look for any outbound HTTP requests and intercept them. DNS based hijacks introduce a lot more instability since they can't be sure how client software will cache DNS lookups.

35$ filing fee for an appeal? Gee, do I see a new business model on the horizon here?

Claim a user is infringing copyright, throttle and possibly block them, have them appeal, 'notice' you were wrong, unblock and drop all allegations. Result? The ISP or the consulting firm is 35$ richer, and the user has lost 35$, plus whatever financial losses they might suffer from the 'erroneous' blocking...

MAKE NO MISTAKE. This has nothing to do with Verizon or Time Warner caring about copyright, or "educating" anyone. This is about lining pockets. Notice that the "appeal period" suspends the redirecting to their "you've been bad" site in exchange for a fee. That's what they really want. They know statistically, there will be thousands of people who inadvertently or intentionally break these rules, they don't care which, and will pay the fee to get service back during the "appeal".

Just like red light cameras that are supposedly about "safety" (but are known to create more rear-end accidents - simultaneously collecting thousands of dollars), or credit bureaus/corporations, who walk hand in hand to create a system that won't give credit because you're a "bad person" for not paying them when they rigged the system to add outrageous interest payments and fees, or insurance companies, who try to collect the maximum amount of customer payments while minimizing payouts (usually resulting in failing to cover people who should have been covered, but were disqualified by stupid, unavoidable technicalities as a consequence of living in today's world). An example of this last one: Progressive insurance routinely sends out hoards of email about their services. But, when it's time for you to renew your policy, they get suspiciously quiet...hoping you'll forget to renew your policy. Suddenly, the technology-driven company that is so internet friendly and willing to blast you with email 24/7 is silent...waiting for you to forget. When you do (remember statistically, many people always will), even if you renew an hour after the policy expired, rather than suspend or terminate your coverage, they'll use it as an excuse to say your "coverage lapsed", and raise your rates. Or, consider the company that signs you up for a "free service" with a paid recurring subscription, knowing a percentage of customers will simply forget to cancel. Don't kid yourself about the value of the 1 or 2 months of service that were quietly billed to you but you didn't intend to purchase before you got around to cancelling. They were banking on a percentage of their customers forgetting to cancel and reaping those extra payments. And finally, take banks, that will let your checking account go overdraft by, say 4 or 5 purchases for purchases as small as $0.99 each before stopping your account "for your protection". Never mind the average of $80 of overdraft fees that accompany that $4 worth of spending. The account should have been stopped at zero "for my protection", not negative $4.

This scheme is no different. Time Warner and Verizon are waiting for you to unintentionally browse to a site that has copyrighted content so they can "warn" you several times - "for your education", then suspend your service, hoping you'll opt to "appeal" - an option that will cost you (as if they care about copyright in the first place...they're an ISP for God's sake).

I'm convinced that companies have lost all morals, and that it's now normal for them to exploit human nature in this way on a grand scale, with the excuse that "we warned you". (Oh, and yes, we did rig the system to catch you when you slipped and did something that we really don't care about, but with which we can use as an excuse to issue you a fee). They knew you'd do it anyway, even if you told yourself you wouldn't or that it wouldn't matter that much when it happened. They knew they'd get your $35 appeal, probably multiple times. And why not? They're likely the only gig in town. If you want good service, you don't realistically have a choice but to pay and stick with them. What's scary is that this behavior is now accepted as normal by the average consumer.

THIS is why competition is healthy. Companies know that when they're pitted against each other, they can't screw over customers like this...unless they all do it together. Don't even get me started on cell phone companies...

This is when the customer will have to actually acknowledge having received those notices. Hoewing said his company's customers will experience this as a pop-up window.

How exactly will this be implemented? Some sort of JavaScript redirect?

I'd assume through DNS servers, given most people use whatever DHCP gives them. I'm assuming that the 'disconnect' phase will never come, or this program gets suspended by all participants. This seems more like a money-grab, given how TW stops once the money lands, and Verizon simply lets the users wait it out if they don't appeal.